It was discovered that the protobuf library and code generated by the protobuf compiler store size information in an int variable, which may truncate size values on 64-bit architectures, leading to a heap-based buffer overflow.

Acknowledgements: This issue was discovered by Florian Weimer of Red Hat Product Security.
Upstream bug: https://github.com/google/protobuf/issues/760
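
The truncation described above, shown as an added example that is not code from protobuf or from this advisory: a 64-bit size narrowed into an int beside a range-checked conversion. All function names are hypothetical, `size64` stands in for `size_t` on a 64-bit platform, and the sizes are constructed values.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>

// Stand-in for size_t on a 64-bit platform (assumption, keeps the demo portable).
using size64 = std::uint64_t;

// Pattern from the advisory: a 64-bit size stored in an int.
// The high 32 bits are dropped (modular on GCC/Clang, guaranteed since C++20).
int narrow_unchecked(size64 byte_size) {
    return static_cast<int>(byte_size);
}

// Hardened form: reject any size an int cannot represent.
bool narrow_checked(size64 byte_size, int *out) {
    if (byte_size > static_cast<size64>(INT_MAX)) return false;
    *out = static_cast<int>(byte_size);
    return true;
}

// Bytes that would land past a buffer sized from the narrowed int
// when the writer still uses the real length. Arithmetic only, no allocation.
size64 bytes_past_buffer(size64 real_len) {
    int cached = narrow_unchecked(real_len);
    if (cached < 0) return real_len;  // negative size: no usable buffer
    size64 allocated = static_cast<size64>(cached);
    return real_len > allocated ? real_len - allocated : 0;
}

int main() {
    const size64 real_len = (size64{1} << 32) + 16;  // constructed: 4 GiB + 16 bytes
    int checked = 0;
    std::printf("real=%llu narrowed=%d past_buffer=%llu checked_ok=%d\n",
                static_cast<unsigned long long>(real_len),
                narrow_unchecked(real_len),
                static_cast<unsigned long long>(bytes_past_buffer(real_len)),
                narrow_checked(real_len, &checked) ? 1 : 0);
    return 0;
}
```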